lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1531905244-18044-1-git-send-email-hofrat@osadl.org>
Date:   Wed, 18 Jul 2018 11:14:04 +0200
From:   Nicholas Mc Guire <hofrat@...dl.org>
To:     Gustavo Padovan <gustavo@...ovan.org>
Cc:     Li Philip <philip.li@...el.com>,
        Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
        Sean Paul <seanpaul@...omium.org>,
        David Airlie <airlied@...ux.ie>,
        dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
        Nicholas Mc Guire <hofrat@...dl.org>
Subject: [PATCH V3] drm: handle error values properly

drm_legacy_ctxbitmap_next() returns idr_alloc() which can return
-ENOMEM, -EINVAL or -ENOSPC none of which are -1. since drm_context_t
is an unsigned int an intermediate variable is used to handle the
error cases, and then cast to drm_context_t after ensuring that the
value is >= 0. The explicit cast is to mark the type conversion as
intentional.

Signed-off-by: Nicholas Mc Guire <hofrat@...dl.org>
Reported-by: kbuild test robot <lkp@...el.com>
Reported-by: Sean Paul <seanpaul@...omium.org>
Fixes: d530b5f1ca0b ("drm: re-enable error handling")
Fixes: 62968144e673 ("drm: convert drm context code to use Linux idr")
---

V3: bug in patch - omission to remove old code properly - V3 fixes the
    original problem as proposed in V2 and drops the excess line.
    reported by Sean Paul <seanpaul@...omium.org> - thanks!

V2: The proposed fix in d530b5f1ca0b ("drm: re-enable error handling")
    actually was ineffective as the negative return value check was
    against a unsigned int and thus always false as reported by
    kbuild test robot <lkp@...el.com>. The below patch removes that
    warning and fixes the original problem of missed error handling.

drm_context_t is actually just used in a few placed so the type could be
changed but it is also exported via tools/include/uapi/drm/drm.h so
changing the typedef of drm_context_t could break applications and thus
this is not an option.

Patch was compile tested with: x86_64_defconfig

Patch is against 4.18-rc5 (localversion-next is next-20180718)

 drivers/gpu/drm/drm_context.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/drm_context.c b/drivers/gpu/drm/drm_context.c
index f973d28..ad268c8 100644
--- a/drivers/gpu/drm/drm_context.c
+++ b/drivers/gpu/drm/drm_context.c
@@ -361,22 +361,25 @@ int drm_legacy_addctx(struct drm_device *dev, void *data,
 {
 	struct drm_ctx_list *ctx_entry;
 	struct drm_ctx *ctx = data;
+	int ret;
 
 	if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT) &&
 	    !drm_core_check_feature(dev, DRIVER_LEGACY))
 		return -EINVAL;
 
-	ctx->handle = drm_legacy_ctxbitmap_next(dev);
-	if (ctx->handle == DRM_KERNEL_CONTEXT) {
+	ret = drm_legacy_ctxbitmap_next(dev);
+	if (ret == DRM_KERNEL_CONTEXT) {
 		/* Skip kernel's context and get a new one. */
-		ctx->handle = drm_legacy_ctxbitmap_next(dev);
+		ret = drm_legacy_ctxbitmap_next(dev);
 	}
-	DRM_DEBUG("%d\n", ctx->handle);
-	if (ctx->handle < 0) {
+	DRM_DEBUG("ctxbitmap is error code %d\n", ret);
+	if (ret < 0) {
 		DRM_DEBUG("Not enough free contexts.\n");
 		/* Should this return -EBUSY instead? */
 		return -ENOMEM;
 	}
+	/* valid context is >= 0 */
+	ctx->handle = (drm_context_t)ret;
 
 	ctx_entry = kmalloc(sizeof(*ctx_entry), GFP_KERNEL);
 	if (!ctx_entry) {
-- 
2.1.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ